<?php
require_once('configREST.php');     //sql connection information
require_once('bootstrapREST.php');  //link information

function outputXML($errNum, $errMsgArr, $memberInfo) {
/* @var $AUTH_KEY A key that will be used to prove authentication occurred from this service. */
	/*$controlString = "3p1XyTiBj01EM0360lFw";
	$AUTH_KEY = md5($user.$pw.$controlString);
	
	*/
	global $db;
	
	//START FORMATTING STRING; WRAP CONTENT TAG AROUND ENTIRE MESSAGE
	$outputString = ''; //start empty
	$outputString .= "<?xml version=\"1.0\"?>\n";
	$outputString .= "<content>\n";
	$outputString .= "<errNum>" . $errNum . "</errNum>\n";
	if($errNum == 0){	 
					
			//CREATE AUTH KEY AND GRAB ALL PERSONAL INFO FROM THE USER TABLE
			$outputString .= "<key>" . $memberInfo['AUTHKEY'] . "</key>\n";
			$outputString .="<USER_ID>" . $memberInfo['USER_ID'] . "</USER_ID>\n";
			$outputString .="<EMAIL_ADDRESS>" .$memberInfo['EMAIL_ADDRESS'] . "</EMAIL_ADDRESS>\n";
			$outputString .="<FIRST_NAME>" .$memberInfo['FIRST_NAME'] . "</FIRST_NAME>\n";
			$outputString .="<LAST_NAME>" .$memberInfo['LAST_NAME'] . "</LAST_NAME>\n";
			$outputString .="<CUSTOMER_ID>" .$memberInfo['CUSTOMER_ID'] . "</CUSTOMER_ID>\n";		
				
	} 	
	//INCORRET USERNAME OR PASSWORD
	else {	
		//run through error array and output into xml
		$ct = 0;
		while($ct < $errNum){
			$outputString .="<ERROR>" . $errMsgArr[$ct] . "</ERROR>\n";
			$ct += 1;
		}
	}		
	$outputString .= "</content>";	
	return $outputString;	
}

function doService() {
	
	global $db;
	$errMsgArr = array();
	$errNum = 0;
	
	if(!isset($_GET['u']) || $_GET['u'] ==''){
		$errMsgArr[] = 'Login ID Missing';
		$errNum += 1;
	}	
	if(!isset($_GET['p']) || $_GET['p'] =='' || $_GET['p'] == 'd41d8cd98f00b204e9800998ecf8427e'){
		$errMsgArr[] = 'Password Missing';
		$errNum += 1;
	}

	$user = $_GET['u'];
	$pw = $_GET['p'];
	
	$prep = $db->prepare("SELECT * FROM `user` WHERE EMAIL_ADDRESS = :id AND PASSWORD = :pw ; ");

	//LOOK FOR USERNAME AND PW IN DATABASE THEN CALL OUTPUTXML BASED ON RESULTS
	if ($prep->execute(array(":id" => $user, ":pw" => $pw))) {
		if($prep->rowCount() == 1){
			$memberInfo = $prep->fetch(PDO::FETCH_ASSOC);
			
			//CREATE AUTH KEY BASED ON USERNAME . PASSWORD . CONTROL STRING . CURRENT TIME
			//AND SAVE IN THE DATABASE
			$controlString = "3p1XyTiBj01EM0360lFw";
			$user = strtoupper($memberInfo['EMAIL_ADDRESS']);
			$pw = $memberInfo['PASSWORD'];
			$AUTH_KEY = md5($user.$pw.$controlString);
			$memberInfo['AUTHKEY'] = $AUTH_KEY;
			
			//DEPENDING ON TYPE GRAB THEIR PERSONAL ID
			$qry = "SELECT * FROM `user_customer` WHERE USER_ID=:id";
			
			$prep = $db->prepare($qry);
			
			if ( $prep->execute(array( ":id" => $memberInfo['USER_ID'] ))) {
					$info = $prep->fetch(PDO::FETCH_ASSOC);
					$memberInfo['CUSTOMER_ID'] = $info['CUSTOMER_ID'];			
			} else {				
				$error = $prep->errorInfo();
				$errMsgArr[] = $error[2];
				$errNum += 1;
				return outputXML($errNum, $errMsgArr, '');		
			}		
			
			
			//DEPENDING ON TYPE GRAB THEIR PERSONAL ID
			$qry = "UPDATE `user` SET LAST_LOGIN=NOW() WHERE USER_ID=:id";
			
			$prep = $db->prepare($qry);
			
			if ( $prep->execute(array( ":id" => $memberInfo['USER_ID'] )) ) {		
			} else {				
				$error = $prep->errorInfo();
				$errMsgArr[] = $error[2];
				$errNum += 1;
				return outputXML($errNum, $errMsgArr, '');		
			}
			
			
			
			
			
			$retVal = outputXML($errNum, $errMsgArr, $memberInfo);
		} else {
			$errMsgArr[] = 'Login and Password Incorrect' . $user . ' --- ' . $pw;
			$errNum += 1;
			$retVal = outputXML($errNum, $errMsgArr, '');
		}
	} else {
		$error = $prep->errorInfo();
		$errMsgArr[] = $error[2];
		$errNum += 1;
		$retVal = outputXML($errNum, $errMsgArr, '');		
	}	
	return $retVal;	
}
	
	clean(&$_GET);
	
	$output = doService();
	
	print($output);

?>